Lesson 1, Topic 1
In Progress

Implementation of the policies and processes

The easiest way to implement the standard chapters is to assign responsibilities to persons or groups. This could look something like the following table:

Chapters of VdS 10000Responsibility for implementation
4. Organisation of information securityManagement
5. Information security policyManagement, ISO/ISB
6. Information security guidelinesISO/ISB, IT-Officer
7. EmployeesManagement, Human resources
8. KnowledgeISO/ISB, IT-Officer
9. Identifying critical IT systemsISO/ISB, IT-Team
10. IT systemsIT-Officer
11. Networks and connectionsIT-Officer
12. Mobile data carriersIT-Officer
13. EnvironmentIT-Officer
14. IT outsourcing and cloud computingIT-Officer
15. Physical access and access rightsIT-Officer
16. Data backup and archivingIT-Officer
17. Faults and failuresISO/ISB, IT-Officer
18. Security incidentsISO/ISB, IT-Officer
Appendix AManagement, ISO/ISB, Quality management officer

Changes in operations should always be clearly communicated to all staff to enable compliance. Continuous improvement should be the goal, so changes should also be communicated to staff, for example via company emails. Try to listen to and involve employees to avoid a complex and unacceptable pile of rules and regulations that would lead to uncertainty and ineffectiveness in the workplace. You can find tips on simple systems or procedures in the respective document templates.